The simple mobile solutions that opened the mobile market used a single identity provider to authenticate an individual or device. Users carried out a specific function with their mobile application, such as expense reporting, that only required the user to authenticate against a single identity provider. This method works for single identities because the token provided by the identity provider can easily be mapped to the service. In this case, the developer understands exactly how to submit credentials from the identity provider to the service during each call.
As applications have evolved with the advent of social media and cloud computing, developers now have to contend with both internal and external identities to gather data and create responses for the end user. This creates complex identity management problems, since the developer needs to keep track of which services match which identity, as well as how the identity maps to the backend service. Also, when multiple identities are used, developers are forced to keep track of all the tokens and to programmatically map these tokens to each of the services they want to use. In such a case, the device may need several different identities.
Some of the tokens from these identities could be passed in the header, some could be passed in the URL, and some identity providers may send multiple tokens back to the developer. It would be the developer's responsibility to understand how all these tokens map back to a service. However, this presents many problems, including:
(i) the user must keep up with all the tokens for each provider;
(ii) some services may take a specific subset of tokens as part of the service, and it is then up to the developer to map the tokens from an identity provider to the service properly using code;
(iii) the developer must code the identity mapping into each service call, which requires the user to understand which identities themselves map to which service; and
(iv) if the service changes, the developer must remap all these services in their code with their respective identities, which becomes problematic when the user may be using similar services across multiple applications.
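To make the bookkeeping in (i) through (iv) concrete, the following added example (not part of the original text) keeps the token-to-service mapping in one table and builds each call from it. The provider names, service names, token values, parameter names and the `Bearer` header scheme are all constructed assumptions.

```python
from urllib.parse import urlencode

# Constructed sample: tokens returned by three hypothetical identity providers.
# The "social" provider returns more than one token.
TOKENS = {
    "corp": {"access": "corp-access-123"},
    "social": {"access": "soc-access-456", "refresh": "soc-refresh-789"},
    "cloud": {"api_key": "cloud-key-abc"},
}

# Hypothetical services. Each entry is (provider, token name, placement, parameter):
# a service takes only a subset of the tokens, in a header or in the URL.
SERVICE_MAP = {
    "expenses": [("corp", "access", "header", "Authorization")],
    "feed": [
        ("social", "access", "header", "Authorization"),
        ("cloud", "api_key", "url", "key"),
    ],
}


class MissingToken(Exception):
    """Raised when a service needs a token that no provider has supplied."""


def build_request(service, base_url, tokens=TOKENS, service_map=SERVICE_MAP):
    """Return (url, headers) for one service call; fail closed on a missing token."""
    headers, query = {}, {}
    for provider, name, placement, param in service_map[service]:
        try:
            value = tokens[provider][name]
        except KeyError:
            raise MissingToken(f"{service} needs {provider}.{name}") from None
        if placement == "header":
            # Assumption: header tokens use the Bearer scheme.
            headers[param] = f"Bearer {value}"
        elif placement == "url":
            query[param] = value
        else:
            raise ValueError(f"unknown placement {placement!r}")
    url = base_url + ("?" + urlencode(query) if query else "")
    return url, headers


if __name__ == "__main__":
    print(build_request("feed", "https://api.example.test/feed"))
```

If the `feed` service changes which tokens it accepts, only its `SERVICE_MAP` entry changes; without such a table the same change has to be repeated at every call site, which is problem (iv).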
Further, there is increased interest in an emerging field called IoT (the Internet of Things). In this domain, millions of connected entities, including sensors for a variety of domestic uses (e.g., monitoring a home's temperature and humidity), industrial uses (e.g., monitoring the environmental conditions of a chemical process), and personal uses (e.g., devices such as wearables that monitor our health and other parameters), are rapidly being discovered every day. As such, the domain of identity and access management services is no longer just about computers, phones and tablets; it now includes providing a foundational underpinning that can deliver these services to a vast new class of intermittently connected devices across the ecosystem, which will proliferate into the billions in the next few years.